what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files

WinRAR 3.80 Filename Spoofing
Posted Sep 29, 2009
Authored by chr1x

WinRAR version 3.80 suffers from a ZIP filename spoofing vulnerability.

tags | advisory, spoof
SHA-256 | 4880f2bb7f9786ba0a35c233213dc63a64301bccc3f90b77bbd582104b13228f

Related Files

WinRAR Remote Code Execution
Posted Sep 8, 2023
Authored by Alexander Hagenah | Site metasploit.com

This Metasploit module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.

tags | exploit, code execution
advisories | CVE-2023-38831
SHA-256 | 28f3b59d37ee5a8aa6ff17510a7cd49a93cb8fcb3b1027ca4545c6a2e7de6f4f
WinRAR 5.80 Memory Corruption
Posted Oct 20, 2019
Authored by albalawi-s

WinRAR version 5.80 suffers from a memory corruption vulnerability that allows for denial of service.

tags | exploit, denial of service
SHA-256 | 52f90a62ce54f13ae494dd6c27b1f01a8cd0a44815f923600fd7c2e20af925b3
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
Posted Apr 24, 2019
Authored by Imran Dawoodjee, Nadav Grossman | Site metasploit.com

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.

tags | exploit, shell
advisories | CVE-2018-20250
SHA-256 | 195eaa1e914aee3e46e371994c1ebf7f8bc0d0140c077d3ce83d37137bc89326
WinRAR 5.30 DLL Hijacking
Posted Feb 8, 2016
Authored by Stefan Kanthak

WinRAR versions 5.30 and below suffer from a DLL hijacking vulnerability.

tags | advisory
systems | windows
SHA-256 | 26acb815e8abef59d0551c80639141cfcdbaaa4240e042546d4ad73062179ac6
Rar CmdExtract::UnstoreFile Integer Truncation Memory Corruption
Posted Dec 14, 2015
Authored by Tavis Ormandy, Google Security Research

The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32bit integer. Perhaps CmdExtract::ExtractCurrentFile should sanity check Arc.FileHead.UnpSize early. The researcher observed this crash in Avast Antivirus, but the origin of the code appears to be the unrar source distribution. Many other antiviruses may be affected, and presumably WinRAR and other archivers.

tags | exploit
systems | linux
SHA-256 | f997e4c151ea3e156d9094a7b24afa34f8a5710d3d6e665444df919da07dc43c
WinRAR Settings Import Command Execution
Posted Oct 2, 2015
Authored by R-73eN

WinRAR settings import command execution proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | dac679a571be8faa5e8774fd313bbbc45be49a86dc7067b4c95eb95ccfeabdea
WinRAR Expired Notification Command Execution
Posted Oct 1, 2015
Authored by R-73eN

WinRAR suffers from an expired notification OLE remote command execution vulnerability.

tags | exploit, remote
SHA-256 | db092f276378558a38672a576c156ba5b7be056d2913c9e54a2bee5c5dd5ad96
WinRAR Filename Spoofing
Posted Apr 7, 2014
Authored by chr1x, juan vazquez | Site metasploit.com

This Metasploit module abuses a filename spoofing vulnerability in WinRAR. The vulnerability exists when opening ZIP files. The file names showed in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This inconsistency allows to spoof file names when opening ZIP files with WinRAR, which can be abused to execute arbitrary code, as exploited in the wild in March 2014.

tags | exploit, arbitrary, local, spoof
advisories | OSVDB-62610
SHA-256 | 77adfa4fa0e23c97becb1de4580cf456d6594ca7beef63394258815f48627e38
WinRAR 4.20 File Extension Spoofing
Posted Mar 25, 2014
Authored by Danor Cohen

WinRAR version 4.20 suffers from a file extension spoofing vulnerability.

tags | advisory, spoof
SHA-256 | 82cbbc5f4144a0fc90c9e134c84a23a3de5dbc828d91d37dafd7aa754218b05c
Rarlab.com SQL Injection
Posted Feb 11, 2009
Authored by MurderSkillz

RARlab.com, the makers of WinRAR, suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 35139152dea6419a75a272d05fca49b76748b9c1696f7d4fd3ea427a062cee3c
Secunia Security Advisory 29407
Posted Mar 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in WinRAR, which can potentially be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | c3b7f600e5cb31f92a1c831aacdd17fa43b5fd5eeaa6a629abaf9372a09dc467
04072006_rarlabs.pdf
Posted Jul 24, 2006
Authored by Ryan Smith | Site hustlelabs.com

WinRAR versions less than 3.60 beta 7 and greater than 3.0 suffer from multiple buffer overflows due to a lack of constraints while copying data.

tags | advisory, overflow
SHA-256 | f8b7381f74499f50992c3a3cf3c3f915a313f8b38f1c339d779fb109ce1a2ea2
Secunia Security Advisory 21080
Posted Jul 20, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ryan Smith has reported a vulnerability in WinRAR, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 3079baa111461598224f8d5b8eb3d91d22b21f97f501d5837966e93403662c48
ihs_winrar.c
Posted Jan 8, 2006
Authored by c0d3r

WinRAR local buffer overflow exploit for versions 3.3.0 and below.

tags | exploit, overflow, local
SHA-256 | 74b04fbbeb8322c1240670f0d444c12756eb79f8d215e2ac599f516d07215d52
winrar330.c
Posted Jan 4, 2006
Authored by Alpha_Programmer

WinRAR version 3.30 suffers from a buffer overflow vulnerability when processing a long file name. Proof of concept exploit provided.

tags | exploit, overflow, proof of concept
SHA-256 | 15e8264363d5f7bd7a12704f3585a6269bf2946347c178acf4a069b9e9a7ae1d
WinRAR-filename.txt
Posted Dec 28, 2005
Authored by agoanywhere

WinRAR 3.51 suffers from a buffer overflow if certain characters are present in the name of the file(s) to be compressed.

tags | advisory, overflow
SHA-256 | ddda7ec6ded5b8ebfbbff4d745a49f1164ac744b2175fa059240329761a004d4
0xletzdance.rar
Posted Nov 2, 2005
Authored by unl0ck, Darkeagle | Site exploiterz.org

Exploits for WinRAR versions 3.4x and below, possibly 3.5x.

SHA-256 | 321977b4c6611a137dee4e707f96acbc2b75443b57c3581fec815f9e2657831e
letzdance.txt
Posted Nov 2, 2005
Authored by unl0ck | Site exploiterz.org

WinRAR buffer overflows.

tags | overflow
SHA-256 | 90d54e16299358d932b6f78041aad06dd2aa92f2df7549d6bdd0263999e2aaf6
winrar.txt
Posted Nov 2, 2005
Authored by unl0ck | Site exploiterz.org

WinRAR buffer overflow.

tags | overflow
SHA-256 | a5ef16f60fa6fece01d1f8649b6144416df3bd015ad655b93fab927114faf5c1
un-wRAR.rar
Posted Nov 2, 2005
Authored by unl0ck, Darkeagle | Site exploiterz.org

Winrar versions 3.41 and below local proof of concept exploit.

tags | local, proof of concept
SHA-256 | 815b7c75f9ecf39510d580b6cb7dd6a84aa4eff0caf53a9c5a91108673941135
winrar-3.50-eng.txt
Posted Oct 18, 2005
Authored by edward11

Local exploit for winrar versions less than or equal to 3.50 ENG version.

tags | exploit, local
SHA-256 | 72532d2181fcd53d15f1e8bd9f2d67844fe4b60830d28411c6b8cc7676e69520
secunia-winrar.txt
Posted Oct 12, 2005
Site secunia.com

Secunia Research has discovered two vulnerabilities in WinRAR, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | f80aca9ebb6b20dbbba325eb32ba1624a50cc34599b4f12202258c524fb59f20
Secunia Security Advisory 16973
Posted Oct 11, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in WinRAR, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 261971cc390f0be498350656d91664e1b6b7b58dc9e974ceb40de472ee5d4cae
winrar341.txt
Posted Dec 30, 2004
Authored by Vafa Khoshaein

WinRAR proof of concept buffer overflow exploit for version 3.41 and below.

tags | exploit, overflow, proof of concept
SHA-256 | 7ec65fbd45117f3acb635f6d0cda142fb755fdac4f9f386371a85da96f21c9e8
winrar.zip
Posted Aug 26, 2002

an rar program for windows. regestration info listeded in

tags | bbs
systems | windows
SHA-256 | e4579bae3f438671f00e41191719e905c4a78bcab52a2e60c0ca6ea68b6d313e
Page 1 of 2
Back12Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close